providers/saml: improved error handling

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2021-09-16 10:58:51 +02:00
parent 124071f9be
commit ae26d2756f
1 changed files with 5 additions and 1 deletions


@ -59,6 +59,10 @@ class AuthNRequestParser:
) -> AuthNRequest: ) -> AuthNRequest:
root = ElementTree.fromstring(decoded_xml) root = ElementTree.fromstring(decoded_xml)
if "AssertionConsumerServiceURL" not in root.attrib:
msg = "Missing 'AssertionConsumerServiceURL' attribute"
LOGGER.warning(msg)
raise CannotHandleAssertion(msg)
request_acs_url = root.attrib["AssertionConsumerServiceURL"] request_acs_url = root.attrib["AssertionConsumerServiceURL"]
if self.provider.acs_url.lower() != request_acs_url.lower(): if self.provider.acs_url.lower() != request_acs_url.lower():
@ -66,7 +70,7 @@ class AuthNRequestParser:
f"ACS URL of {request_acs_url} doesn't match Provider " f"ACS URL of {request_acs_url} doesn't match Provider "
f"ACS URL of {self.provider.acs_url}." f"ACS URL of {self.provider.acs_url}."
) )
LOGGER.info(msg) LOGGER.warning(msg)
raise CannotHandleAssertion(msg) raise CannotHandleAssertion(msg)
auth_n_request = AuthNRequest(id=root.attrib["ID"], relay_state=relay_state) auth_n_request = AuthNRequest(id=root.attrib["ID"], relay_state=relay_state)
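Review bot: `root.attrib["ID"]` on the last line of the second hunk is still an unguarded lookup, so an AuthnRequest without an `ID` attribute raises a bare `KeyError` rather than `CannotHandleAssertion`, which is the same failure this commit fixes for `AssertionConsumerServiceURL`. A matching guard before the constructor would close it: `if "ID" not in root.attrib: raise CannotHandleAssertion("Missing 'ID' attribute")`. Separately, the ACS check lowercases both whole URLs although URL paths are case-sensitive; since this comparison decides where the assertion is delivered, an exact match (or normalising only scheme and host) would keep it strict. The method begins before and continues after the visible hunks, so a guard that this view does not show may already exist.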